Avoid receiving spam: rspamd

Rspamd is a very complete mail filter. It is not only an anti-spam tool, it can also handle greylisting, DKIM...

It is also very fast and efficient. If you want to use it, you should read its official documentation. For now, let's see how to use it with OpenBSD's smtpd as an antispam and for DKIM.

Install

# pkg_add rspamd redis opensmtpd-filter-rspamd
# rcctl enable redis rspamd
# rcctl start redis rspamd

/etc/mail/smtpd.conf

Just add a new filter named "filter-rspamd" and use it for incoming messages.

filter rspamd proc-exec "filter-rspamd"
### filter incoming mail
listen on all tls pki athome.tld \
    filter { rspamd }

DKIM with rspamd

Since rspamd can handle DKIM signatures, you won't have to configure dkimproxy or another tool.

Create keys as described before and make sure they belong to the _rspamd group.

# chown -R _rspamd:_rspamd /etc/dkim/

Remember to edit your DNS zone 😉.

Now create the file "/etc/rspamd/local.d/dkim_signing.conf":

# If true, username does not need to contain matching domain
allow_username_mismatch = true;
path = "/etc/dkim/private.key";
selector = "dkimpubkey";

Then add a few lines to "/etc/mail/smtpd.conf" to sign outgoing messages:

filter rspamd proc-exec "filter-rspamd"
### Send and DKIM sign with rspamd
listen on all port submission tls-require pki athome.tld auth \
    filter { rspamd }

Greylisting

Rspamd does greylisting by default. If you would rather keep using spamd, disable rspamd greylisting in the file "/etc/rspamd/local.d/actions.conf":

greylist = none;

And in the file "/etc/rspamd/local.d/greylist.conf":

enabled = false;

Spamtraps

Unlike spamd, rspamd does not hold spammers who write to a spamtrap captive. It is still useful for recognising those spammers later on.

You can set up a spamtrap (like what spamd does) with the following lines in "/etc/rspamd/local.d/spamtrap.conf":

action = "no action";
learn_spam = true;
map = file://$LOCAL_CONFDIR/maps.d/spamtrap.map;
enabled = true;

Then fill "/etc/rspamd/maps.d/spamtrap.map" with regular expressions matching the fake trap mail addresses:

/^trap@athome\.tld$/
/^fake@athome\.tld$/
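
The map entries are regular expressions, so an unescaped `.` matches any character and a missing anchor widens the match. The following check is an added example, not part of the original page: it parses a constructed sample map in the `/regex/` form shown above and uses Python's `re` as a stand-in for rspamd's regex engine (an assumption that holds for simple patterns like these); the function names are hypothetical.

```python
import re

# Constructed sample map: the first entry leaves the dot unescaped,
# the second escapes it.
SAMPLE_MAP = r"""
# spamtrap addresses (constructed sample)
/^trap@athome.tld$/
/^fake@athome\.tld$/
"""

# Only the /regex/ form used on this page is accepted.
ENTRY = re.compile(r"^/(?P<body>.*)/$")

def parse_map(text):
    """Return (pattern_source, compiled_regex) for each /regex/ line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"not a /regex/ entry: {line!r}")
        body = m.group("body")
        entries.append((body, re.compile(body)))
    return entries

def lint(body):
    """Warn about patterns that match more than one literal address."""
    warnings = []
    if not (body.startswith("^") and body.endswith("$")):
        warnings.append("not anchored with ^ and $")
    # A '.' that is not preceded by a backslash matches any character.
    if re.search(r"(?<!\\)\.", body):
        warnings.append("unescaped '.' matches any character")
    return warnings

def matching_entries(entries, address):
    """Return the pattern sources that match the given recipient."""
    return [body for body, rx in entries if rx.search(address)]

if __name__ == "__main__":
    entries = parse_map(SAMPLE_MAP)
    for body, _ in entries:
        print(body, "->", lint(body) or "ok")
    for rcpt in ("trap@athome.tld", "trap@athomeXtld", "fake@athomeXtld"):
        print(rcpt, "->", matching_entries(entries, rcpt))
```

With `learn_spam = true`, every message that hits a trap pattern is learned as spam, so a pattern that matches more addresses than intended can train the filter on legitimate mail.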

Blacklists

To set up blacklists, use the multimap module.

See WebUI

Configure admin following these instructions

Then, open an SSH tunnel from your computer and browse to http://localhost:9999.

ssh -N -L 9999:127.0.0.1:11334 sshuser@athome.tld

Enjoy wonderful charts 😄